Older IOS images on Cisco devices used telnet as the default login method for the vty lines. Nowadays using telnet is not safe because all traffic, including usernames and passwords, is transmitted in clear text, so anybody with a protocol analyzer on the path can read the data. Lately the telnet access method has been replaced by SSH, which offers increased security by encrypting all traffic between source and destination.

The SSH protocol comes in two versions, SSH1 and SSH2. Communication between the client and the server is encrypted in both versions, but you should implement SSH version 2 whenever possible because it uses stronger cryptographic algorithms. SSH1 became available in Cisco IOS starting with release 12.1(1)T; in order to use SSH2 you need IOS version 12.3(4)T or newer.

In order to enable SSH on a Cisco router or switch you must first verify that the IOS image on the device supports it. The easiest way to find out is to run the show version command in user exec mode and look at the image name: find the line that starts with "System image file is". If the image name contains k9 you can use cryptographic features; otherwise you need to upgrade the IOS version.

After you have confirmed that your IOS image supports SSH, verify whether it is already enabled. From user or privileged exec mode run the following command, whose output looks like this:

    %Please create RSA keys (of at least 768 bits size) to enable SSH v2.

This output shows that SSH is supported but disabled.

The next step is to configure the hostname and the domain name. Enter global configuration mode and run the following sequence of commands, replacing the hostname (R1) and the domain name (cioby.ro) with your own names:

After the hostname and domain name have been configured you must generate an RSA key pair for the device. Type the following command in global configuration mode:

After typing this command you will be asked for the length of the key. The key length accepted by the router or switch is between 360 and 4096 bits. Larger keys provide greater security but affect performance; using keys shorter than 1024 bits is not recommended. Once the keys are created they are stored in NVRAM and are inaccessible. The output of this command looks similar to the below:

    The name for the keys will be: R1.cioby.ro
    Choose the size of the key modulus in the range of 360 to 4096 for your
    Choosing a key modulus greater than 512 may take
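The complete IOS command sequence for the steps described above, added here as an example and not copied from the original page. R1 and cioby.ro are the page's placeholder names; the 2048-bit modulus, the local user account and the vty-line hardening at the end go beyond the page's own steps and are added choices.

```text
! Added example (not the original page's listing). Lines starting with "!" are IOS comments.
! Step 1: confirm the image supports cryptographic features (look for "k9" in the name)
R1> show version
!   ... System image file is "flash:/<image-name>-k9-...bin"   <- k9 = crypto-capable image

! Step 2: check whether SSH is already enabled
R1> show ip ssh
!   %Please create RSA keys (of at least 768 bits size) to enable SSH v2.
!   (supported, but no key pair yet, so SSH is disabled)

! Step 3: hostname and domain name; the key pair will be named <hostname>.<domain>
R1> enable
R1# configure terminal
R1(config)# hostname R1
R1(config)# ip domain-name cioby.ro

! Step 4: generate the RSA key pair. "modulus 2048" answers the length prompt
! non-interactively; 2048 is an added choice above the page's 1024-bit minimum.
R1(config)# crypto key generate rsa modulus 2048
!   The name for the keys will be: R1.cioby.ro
!   ... [OK]

! Added beyond the page's steps: prefer SSH version 2 and take telnet off the vty
! lines. SSH logins need a username, so a local account is created first.
R1(config)# ip ssh version 2
R1(config)# username admin privilege 15 secret <strong-password-placeholder>
R1(config)# line vty 0 4
R1(config-line)# login local
R1(config-line)# transport input ssh
R1(config-line)# end

! Step 5: verify and save
R1# show ip ssh
!   SSH Enabled - version 2.0
R1# write memory
```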